module templates incorrectly assume external_reference will follow S-Code and G-Code conventions and case
watgh opened this issue · 1 comments
BLUF:
Please drop the use of the "|upper" in creation of the href in a table's card element.
When customizing STIX objects for use by the attack-website generation on our internal site, we discovered that the pelican templates for groups (specifically, but elsewhere as well) are inconsistent when creating the cards for groups and other tables.
For the display name, upper case by default may be appropriate for table uniformity of appearance. Unfortunately, forcing the href to use a specific case or perhaps use a different URL can result in an invalid URL.
For example from the enterprise ATTACK:
```
...
"external_references": [
    {
        "source_name": "mitre-attack",
        "external_id": "G0001",
        "url": "https://attack.mitre.org/groups/G0001"
    },
....
"name": "Axiom",
....
```
The site generation code will create a directory /groups/G0001.
And the ID field for the card in the group table will look like:
```html
<td>
    <a href="/groups/G0001"> G0001 </a>
</td>
```
That comes from the group-index.html template in modules/groups/templates, specifically starting at line 47:
```html
<tbody>
    {% for row in parsed.groups_table %}
    <tr>
        <td>
            <a href="/groups/{{row.id|upper}}"> {{row.id|upper}} </a>
        </td>
        <td>
            <a href="/groups/{{row.id|upper}}"> {{row.name}} </a>
        </td>
```
Note the "|upper" directive.
The problem comes when the ID case may not natively be upper.
For example, an intrusion set named "SomeFineGroupName" has an external reference that appears as:
```json
{
    "source_name": "mitre-attack",
    "url": "https://my-attack-website.myorg.com/groups/MyCustomNotUpperCaseCode",
    "external_id": "MyCustomNotUpperCaseCode"
}
```
The resulting directory entry will be generated as /group/MyCustomNotUpperCaseCode, matching the ID in the stix object.
The resulting card for the groups table, however, will result in an href such as:
```html
<td>
    <a href="/groups/MYCUSTOMNOTUPPERCASECODE"> MYCUSTOMNOTUPPERCASECODE </a>
</td>
```
The solution is to drop the "|upper" directive in the href, while keeping the label as is if desired.
Just to clarify, I'm asking you to change the template to remove the upper directive from the href generation for datasource, software and groups:
```html
<td>
    <a href="/groups/{{row.id}}"> {{row.id|upper}} </a>
</td>
<td>
    <a href="/groups/{{row.id}}"> {{row.name}} </a>
</td>
```
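A post-build check for the mismatch reported in this issue, as an added example (not code from attack-website or from the issue author): it compares the hrefs in rendered table HTML against the generated page paths case-sensitively and reports links that only match when case is ignored. The function names, the `/groups/` paths in `GENERATED` and the HTML samples are constructed for illustration from the IDs quoted above.

```python
from html.parser import HTMLParser


class HrefCollector(HTMLParser):
    """Collect href values from <a> tags in rendered table HTML."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def find_case_mismatches(rendered_html, generated_paths):
    """Return sorted (href, generated_path) pairs where the link matches a
    generated path only when case is ignored (a dead link on a
    case-sensitive host)."""
    collector = HrefCollector()
    collector.feed(rendered_html)
    by_lower = {path.lower(): path for path in generated_paths}
    mismatches = set()
    for href in collector.hrefs:
        target = href.rstrip("/")
        if target in generated_paths:
            continue  # exact, case-sensitive match: link resolves
        actual = by_lower.get(target.lower())
        if actual is not None:
            mismatches.add((href, actual))
    return sorted(mismatches)


# Constructed sample data based on the IDs quoted in the issue.
GENERATED = {"/groups/G0001", "/groups/MyCustomNotUpperCaseCode"}
WITH_UPPER = (
    '<td><a href="/groups/G0001"> G0001 </a></td>'
    '<td><a href="/groups/MYCUSTOMNOTUPPERCASECODE"> MYCUSTOMNOTUPPERCASECODE </a></td>'
)
WITHOUT_UPPER = (
    '<td><a href="/groups/G0001"> G0001 </a></td>'
    '<td><a href="/groups/MyCustomNotUpperCaseCode"> MYCUSTOMNOTUPPERCASECODE </a></td>'
)

if __name__ == "__main__":
    for href, actual in find_case_mismatches(WITH_UPPER, GENERATED):
        print(f"dead link {href} -> generated page is {actual}")
```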